Hello,
just use the ipsec-tools port from here
https://github.com/pfsense/pfsense-tools/tree/master/pfPorts/ipsec-tools-0.8.1
.
You need to specify the sainfo with original subnet in braces the natted
subnet and the remote subnet.
Than enter spd policies related to local network and remote for o
On Wed, 25 Dec 2013, Zeus Panchenko wrote:
wishmaster wrote:
If I understand you correctly, you want binat inside IPSec and
that would not really work as policies wouldn't match easily.
I'm not sure ... what I want is to nat packets from net A before they
are entering IPSec, as if they o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
wishmaster wrote:
> If I understand you correctly, you want binat inside IPSec and
I'm not sure ... what I want is to nat packets from net A before they
are entering IPSec, as if they originate not on the freebsd host
so, they enters IPSec already
If I understand you correctly, you want binat inside IPSec and therefore you
must enable filtering in tunnel.
This will help you:
net.inet.ipsec.filtertunnel=1
Cheers,
w
--- Original message ---
From: "Zeus Panchenko"
Date: 25 December 2013, 20:11:05
> -BEGIN PGP SIGNED MESSAGE-
> "Gleb" == Gleb Smirnoff writes:
Gleb> Does the system panic the same way as described in
Gleb> misc/182141) on 10.0?
Indeed, no change. Purely a kernel issue. Repeatable since FreeBSD
9.x, across 10.x, across 32-bit and 64-bit.
There's a related issue:
http://www.freebsd.org/cg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
hi,
please, may somebody help with the subj? is it possible at all on
FreeBSD with pf?
I need to binat some of my LAN (network A) ip addresses to some of
secure communication addresses (network B) for, behind IPSec network C,
access
target <-> world
On Mon, Dec 23, 2013 at 07:56:02AM +1300, Berend de Boer wrote:
B> pf has not worked well for me after version 8. Certain rules crash the
B> kernel
B> (http://www.freebsd.org/cgi/query-pr.cgi?pr=misc/182141). Avoiding
B> these rules gave me something that at least kept the system alive on a
B> 10-C